The majority of cryptocurrency investors had always entrusted custodial institutions like crypto exchanges with their assets without pushing overly hard for transparency or performing verifications to ensure that reserves were actually being maintained.
After the FTX collapse, however, this implicit trust has been shattered. In response, the call for proof of reserves has resurfaced.
In this article, let us demystify the concept of proof of reserves, shed light on how it works and explore its limitations.
What are Proof of Reserves?
Ideally, any exchange user should be able to withdraw their funds at any time.
Proof of reserves is a cryptographic method that demonstrates an exchange or institution’s ability to honor withdrawals from its platform at all times by providing a way of keeping tabs on customers’ funds.
Broadly it consists of two parts: (1) assets which are represented by a pool of tokens held within a set of exchange addresses and (2) liabilities which would be a current record of customers’ deposits. These two should at least be equal at all times since custodial financial institutions like centralized exchanges are not supposed to be utilizing customers’ funds for other purposes.
To verify that an exchange is solvent via a proof of reserve audit, a “Merkle tree” is used to aggregate the total of all customer balances without exposing any private information.
Merkle Tree
For example an exchange may publicly state that their total liabilities amount is 10,000 Bitcoins, which means that they owe their users 10,000 Bitcoins.
The problem here is that we do not really know if that number is true as the exchange may leave some accounts out or report some wrong balances to try and make their liabilities appear smaller to the public.
To ensure the accuracy of an exchange’s reported liabilities, a complete list of user accounts and their corresponding balances is required. But sharing this information publicly would likely raise a lot of privacy concerns.
To address this, exchanges have adopted Merkle trees which enable them to publish their total liabilities whilst preserving user privacy.
Merkel Trees are very technical but in simple terms, they have a Merkle root which is the single point of connection for the data branches and ensures that the right information is stored in each of them.
Therefore, the information contained in each wallet address containing user assets can be aggregated to form one Merkel root which represents the sum of all user deposits.
They also provide a way for users to verify that specific assets tied to their own accounts are actually included in the audit. On top of that, Merkel trees ensure that data stored in the ‘branches’ and ‘leaves’ cannot be manipulated without being easily detected.
Read: Why CEXs Need Merkle Tree Proof-of-Reserves
Limitations
Despite its advantages, there are limits even to this system.
The Merkle tree can only match the snapshot of reserves at a specific point in time; it will require a newly updated Merkle tree as the reserve balance changes. Furthermore, it is also difficult to account for any off-chain liabilities.
Many current attestations of reserves by exchanges only include assets but not liabilities, or have not been conducted with auditor oversight.
Implementing Proof of Reserves in Custodial Institutions
PoR allows users to easily conduct the bare minimum due diligence on custodial platforms by providing a means to verify custody of assets.
The primary objective of Proof of Reserves is to enable customers and third parties to verify the assets held by institutions and their corresponding liabilities. This will let investors get a better view of how their funds are handled over time and demand clarity for each action taken by their custodian.
This will mitigate (not eliminate) the chances of investors losing their assets to unforeseen events resulting from poor management of users’ funds by a custodial institution. And in the event that they feel that the platform’s custody practices have become too risky over time, they can just modify or withdraw their investments to minimize risks.
Read: Swiss Custody Report Shows The State Of Digital Asset Custody In Switzerland
How Proof of Reserves Builds User Trust
PoR is just as important from a custodial institution’s point of view.
Investors are swiftly losing trust in custodial institutions due to the shadiness discovered in recent events. Therefore, it is in a reputable institution’s own best interests to try to regain this lost trust by developing good Proof of Reserves facilities, and making them available to their customers.
How to Track an Exchange’s Proof of Reserves
- Check the exchange’s website: Many exchanges now publish these reports including snapshots of their reserves and third-party auditor verifications.
- Use PoR tracking tools: CoinGecko and Glassnode allows users to monitor the proof of reserves of multiple exchanges in one place!
- Follow the exchange on social media: Exchanges often announce proof of reserves updates through their social media channels.
Final Thoughts
Proof of Reserves are a step in the right direction for the crypto industry and is a win-win situation for the users, custodians and potentially regulators, especially with the prospect of regulation looming as days go by. Do note that Merkle tree-based proof-of-reserve would not prevent the misappropriation of customer funds completely; it only tracks holdings and nothing more since the custodians will still have control over your funds.
It is advisable to use hardware wallets to secure the majority of your assets. With increasing regulation on the horizon proof of reserves are set to play a pivotal role in fostering trust and transparency in the world of cryptocurrencies.
Frequently Asked Questions (FAQs)
Proof of Reserves are a comprehensive audit or assessment to verify that a cryptocurrency exchange genuinely holds its users’ deposits or assets. Independent third party auditing firms typically conduct this audit to make sure that the exchange’s reserves match or exceed the amount owed to its users.
Proof of Reserves are crucial to maintain trust and transparency between crypto exchanges and their customer making sure that they are holding the assets they claim to have.
Merkle trees aggregate all wallet addresses containing user assets into a single Merkle root. The “root” represents the sum of all user deposits making sure that the integrity of the information and verifying the accuracy of their specific assets in the audit can detect manipulation of data within the “branches” and “leaves.”
Proof of Reserves can only match the snapshot of reserves at a specific point in time. So it can be challenging to account for off-chain liabilities such as assets stored in hardware wallets. Also some attestations of reserves by exchanges may only include assets and neglect liabilities or they may conduct audits without auditor oversight.